Bump the actions group in /.github/workflows with 10 updates #272

dependabot · 2024-11-01T02:58:02Z

Bumps the actions group in /.github/workflows with 10 updates:

Package	From	To
actions/checkout	`4.2.0`	`4.2.2`
actions/setup-python	`5.2.0`	`5.3.0`
actions/dependency-review-action	`4.3.4`	`4.4.0`
actions/cache	`4.0.2`	`4.1.2`
mamba-org/setup-micromamba	`1.9.0`	`2.0.0`
coverallsapp/github-action	`2.3.0`	`2.3.4`
pypa/gh-action-pypi-publish	`1.10.2`	`1.11.0`
actions/upload-artifact	`4.4.0`	`4.4.3`
github/codeql-action	`3.26.10`	`3.27.0`
softprops/action-gh-release	`2.0.8`	`2.0.9`

Updates actions/checkout from 4.2.0 to 4.2.2

Release notes

Sourced from actions/checkout's releases.

v4.2.2

What's Changed

url-helper.ts now leverages well-known environment variables by @jww3 in actions/checkout#1941

Expand unit test coverage for isGhes by @jww3 in actions/checkout#1946

Full Changelog: actions/checkout@v4.2.1...v4.2.2

v4.2.1

What's Changed

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924

New Contributors

@Jcambass made their first contribution in actions/checkout#1919

Full Changelog: actions/checkout@v4.2.0...v4.2.1

Changelog

Sourced from actions/checkout's changelog.

Changelog

v4.2.2

url-helper.ts now leverages well-known environment variables by @jww3 in actions/checkout#1941

Expand unit test coverage for isGhes by @jww3 in actions/checkout#1946

v4.2.1

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924

v4.2.0

Add Ref and Commit outputs by @lucacome in actions/checkout#1180

Dependency updates by @dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

Bump the minor-npm-dependencies group across 1 directory with 4 updates by @dependabot in actions/checkout#1739

Bump actions/checkout from 3 to 4 by @dependabot in actions/checkout#1697

Check out other refs/* by commit by @orhantoy in actions/checkout#1774

Pin actions/checkout's own workflows to a known, good, stable version. by @jww3 in actions/checkout#1776

v4.1.6

Check platform to set archive extension appropriately by @cory-miller in actions/checkout#1732

v4.1.5

Update NPM dependencies by @cory-miller in actions/checkout#1703

Bump github/codeql-action from 2 to 3 by @dependabot in actions/checkout#1694

Bump actions/setup-node from 1 to 4 by @dependabot in actions/checkout#1696

Bump actions/upload-artifact from 2 to 4 by @dependabot in actions/checkout#1695

README: Suggest user.email to be 41898282+github-actions[bot]@users.noreply.github.com by @cory-miller in actions/checkout#1707

v4.1.4

Disable extensions.worktreeConfig when disabling sparse-checkout by @jww3 in actions/checkout#1692

Add dependabot config by @cory-miller in actions/checkout#1688

Bump the minor-actions-dependencies group with 2 updates by @dependabot in actions/checkout#1693

Bump word-wrap from 1.2.3 to 1.2.5 by @dependabot in actions/checkout#1643

v4.1.3

Check git version before attempting to disable sparse-checkout by @jww3 in actions/checkout#1656

Add SSH user parameter by @cory-miller in actions/checkout#1685

Update actions/checkout version in update-main-version.yml by @jww3 in actions/checkout#1650

v4.1.2

Fix: Disable sparse checkout whenever sparse-checkout option is not present @dscho in actions/checkout#1598

v4.1.1

Correct link to GitHub Docs by @peterbe in actions/checkout#1511

Link to release page from what's new section by @cory-miller in actions/checkout#1514

v4.1.0

Add support for partial checkout filters

... (truncated)

Commits

11bd719 Prepare 4.2.2 Release (#1953)
e3d2460 Expand unit test coverage (#1946)
163217d url-helper.ts now leverages well-known environment variables. (#1941)
eef6144 Prepare 4.2.1 release (#1925)
6b42224 Add workflow file for publishing releases to immutable action package (#1919)
de5a000 Check out other refs/* by commit if provided, fall back to ref (#1924)
See full diff in compare view

Updates actions/setup-python from 5.2.0 to 5.3.0

Release notes

Sourced from actions/setup-python's releases.

v5.3.0

What's Changed

Add workflow file for publishing releases to immutable action package by @Jcambass in actions/setup-python#941

Upgrade IA publish by @Jcambass in actions/setup-python#943

Bug Fixes:

Normalise Line Endings to Ensure Cross-Platform Consistency by @priya-kinthali in actions/setup-python#938

Revise isGhes logic by @jww3 in actions/setup-python#963

Bump pillow from 7.2 to 10.2.0 by @aparnajyothi-y in actions/setup-python#956

Enhancements:

Enhance workflows and documentation updates by @priya-kinthali in actions/setup-python#965

Bump default versions to latest by @jeffwidman in actions/setup-python#905

New Contributors

@Jcambass made their first contribution in actions/setup-python#941

@jww3 made their first contribution in actions/setup-python#963

Full Changelog: actions/setup-python@v5...v5.3.0

Commits

0b93645 Enhance workflows: Add macOS 13 support, upgrade publish-action, and update d...
9c76e71 Bump pillow from 7.2 to 10.2.0 in /tests/data (#956)
f4c5a11 Revise isGhes logic (#963)
19dfb7b Bump default versions to latest (#905)
e9675cc Merge pull request #943 from actions/Jcambass-patch-1
3226af6 Upgrade IA publish
70dcb22 Merge pull request #941 from actions/Jcambass-patch-1
65b48c7 Create publish-immutable-actions.yml
29a37be initial commit (#938)
See full diff in compare view

Updates actions/dependency-review-action from 4.3.4 to 4.4.0

Release notes

Sourced from actions/dependency-review-action's releases.

v4.4.0

What's Changed

Fix for merge_group event bug by @Ahmed3lmallah in actions/dependency-review-action#846

Full Changelog: actions/dependency-review-action@v4.3.5...v4.4.0

v4.3.5

What's Changed

fix: getRefs function to handle merge_group events by @louis-bompart in actions/dependency-review-action#766

Create pull_request_template.md by @jonjanego in actions/dependency-review-action#794

Update CONTRIBUTING.md by @jonjanego in actions/dependency-review-action#793

Bump @types/node from 20.11.28 to 20.16.0 by @dependabot in actions/dependency-review-action#815

Upgrade transitive micromatch library by @elireisman in actions/dependency-review-action#829

Do not list changed dependencies in summary by @hmaurer in actions/dependency-review-action#828

Update stale.yaml by @jonjanego in actions/dependency-review-action#832

Bump got from 14.4.1 to 14.4.2 by @dependabot in actions/dependency-review-action#822

Bump eslint-plugin-jest and ts-jest by @Ahmed3lmallah in actions/dependency-review-action#840

New Contributors

@louis-bompart made their first contribution in actions/dependency-review-action#766

@Ahmed3lmallah made their first contribution in actions/dependency-review-action#840

Full Changelog: actions/dependency-review-action@v4.3.4...v4.3.5

Commits

4081bf9 Merge pull request #846 from actions/merge-group-bug-fix
03e585e fixing minor typo
08b4117 updating dist code
9c3441f updating dist code
304a544 updating tests
e99353b fixing merge_group schema bug
a6993e2 Merge pull request #840 from actions/dependabot-updates
d92f08b Bump eslint-plugin-jest and ts-jest
3e334b7 Merge pull request #822 from actions/dependabot/npm_and_yarn/got-14.4.2
32b7d88 Merge pull request #832 from actions/jonjanego-patch-3
Additional commits viewable in compare view

Updates actions/cache from 4.0.2 to 4.1.2

Release notes

Sourced from actions/cache's releases.

v4.1.2

What's Changed

Add Bun example by @idleberg in actions/cache#1456

Revise isGhes logic by @jww3 in actions/cache#1474

Bump braces from 3.0.2 to 3.0.3 by @dependabot in actions/cache#1475

Add dependabot.yml to enable automatic dependency upgrades by @Link- in actions/cache#1476

Bump actions/checkout from 3 to 4 by @dependabot in actions/cache#1478

Bump actions/stale from 3 to 9 by @dependabot in actions/cache#1479

Bump github/codeql-action from 2 to 3 by @dependabot in actions/cache#1483

Bump actions/setup-node from 3 to 4 by @dependabot in actions/cache#1481

Prepare 4.1.2 release by @Link- in actions/cache#1477

New Contributors

@idleberg made their first contribution in actions/cache#1456

@jww3 made their first contribution in actions/cache#1474

@Link- made their first contribution in actions/cache#1476

Full Changelog: actions/cache@v4...v4.1.2

v4.1.1

What's Changed

Restore original behavior of cache-hit output by @joshmgross in actions/cache#1467

Full Changelog: actions/cache@v4.1.0...v4.1.1

v4.1.0

What's Changed

Fix cache-hit output when cache missed by @fchimpan in actions/cache#1404

Deprecate save-always input by @joshmgross in actions/cache#1452

New Contributors

@ottlinger made their first contribution in actions/cache#1437

@Olegt0rr made their first contribution in actions/cache#1377

@fchimpan made their first contribution in actions/cache#1404

@x612skm made their first contribution in actions/cache#1434

@todgru made their first contribution in actions/cache#1311

@Jcambass made their first contribution in actions/cache#1463

@mackey0225 made their first contribution in actions/cache#1462

@quatquatt made their first contribution in actions/cache#1445

Full Changelog: actions/cache@v4.0.2...v4.1.0

Changelog

Sourced from actions/cache's changelog.

Releases

4.1.2

Add GitHub Enterprise Cloud instances hostname filters to inform API endpoint choices - #1474

Security fix: Bump braces from 3.0.2 to 3.0.3 - #1475

4.1.1

Restore original behavior of cache-hit output - #1467

4.1.0

Ensure cache-hit output is set when a cache is missed - #1404

Deprecate save-always input - #1452

4.0.2

Fixed restore fail-on-cache-miss not working.

4.0.1

Updated isGhes check

4.0.0

Updated minimum runner version support from node 12 -> node 20

3.3.3

Updates @actions/cache to v3.2.3 to fix accidental mutated path arguments to getCacheVersion actions/toolkit#1378

Additional audit fixes of npm package(s)

3.3.2

Fixes bug with Azure SDK causing blob downloads to get stuck.

3.3.1

Reduced segment size to 128MB and segment timeout to 10 minutes to fail fast in case the cache download is stuck.

3.3.0

Added option to lookup cache without downloading it.

3.2.6

Fix zstd not being used after zstd version upgrade to 1.5.4 on hosted runners.

3.2.5

... (truncated)

Commits

6849a64 Release 4.1.2 #1477
5a1720c Merge branch 'Link-/prep-4.1.2' of https://github.com/actions/cache into Link...
d9fef48 Merge branch 'main' into Link-/prep-4.1.2
a50e8d0 Merge branch 'main' into Link-/prep-4.1.2
acc9ae5 Merge pull request #1481 from actions/dependabot/github_actions/actions/setup...
1ea5f18 Merge branch 'main' into Link-/prep-4.1.2
cc679ff Merge branch 'main' into dependabot/github_actions/actions/setup-node-4
366d43d Merge pull request #1483 from actions/dependabot/github_actions/github/codeql...
02bf319 Bump github/codeql-action from 2 to 3
6f6220b Merge branch 'main' into dependabot/github_actions/actions/setup-node-4
Additional commits viewable in compare view

Updates mamba-org/setup-micromamba from 1.9.0 to 2.0.0

Release notes

Sourced from mamba-org/setup-micromamba's releases.

v2.0.0

What's Changed

Bug fixes

Copy generated mamba.bat to micromamba.bat to workaround cmd.exe Auto… by @JohanMabille in mamba-org/setup-micromamba#234

New Contributors

@JohanMabille made their first contribution in mamba-org/setup-micromamba#234

Full Changelog: mamba-org/setup-micromamba@v1...v2.0.0

v1.11.0

What's Changed

New features

pin micromamba default version to 1.* by @pavelzw in mamba-org/setup-micromamba#232

Full Changelog: mamba-org/setup-micromamba@v1.10.0...v1.11.0

v1.10.0

What's Changed

New features

Include bin hash in cache key by @bhperry in mamba-org/setup-micromamba#228

Dependency updates

Bump the actions group with 2 updates by @dependabot in mamba-org/setup-micromamba#215

Bump softprops/action-gh-release from 2.0.5 to 2.0.6 in the actions group by @dependabot in mamba-org/setup-micromamba#218

Bump softprops/action-gh-release from 2.0.6 to 2.0.8 in the actions group by @dependabot in mamba-org/setup-micromamba#220

New Contributors

@bhperry made their first contribution in mamba-org/setup-micromamba#228

Full Changelog: mamba-org/setup-micromamba@v1.9.0...v1.10.0

Commits

617811f Copy generated mamba.bat to micromamba.bat to workaround cmd.exe Auto… (#234)
4b9113a pin micromamba default version to 1.* (#232)
59b1132 Include bin hash in cache key (#228)
e751044 Bump softprops/action-gh-release from 2.0.6 to 2.0.8 in the actions group (#220)
29a3fc9 Bump softprops/action-gh-release from 2.0.5 to 2.0.6 in the actions group (#218)
a1ad40c Bump the actions group with 2 updates (#215)
See full diff in compare view

Updates coverallsapp/github-action from 2.3.0 to 2.3.4

Release notes

Sourced from coverallsapp/github-action's releases.

v2.3.4

What's Changed

Add coverage-reporter-platform input option by @afinetooth in coverallsapp/github-action#233

Since we have added support for coverage-reporter on aarch64, we need to provide users of our github-action the ability to select this architecture-specific version of coverage-reporter when they're using an aarch64 / arm64 runner in CI.

Full Changelog: coverallsapp/github-action@v2...v2.3.4

v2.3.3

What's Changed

Make sure the major version tag always points to the latest release (fixes #222) by @afinetooth in coverallsapp/github-action#230

Full Changelog: coverallsapp/github-action@v2...v2.3.3

v2.3.2

What's Changed

Verify that coverage-reporter-version option is recognized by @afinetooth in coverallsapp/github-action#229

Add build-number to supported inputs options by @afinetooth and @brianatgather in coverallsapp/github-action#228

Change sha256sum command flag to be compatible with alpine linux distros by @afinetooth and @jdebbink in coverallsapp/github-action#227

Docs: Fix the action version in usage example by @Jeff-Tian in coverallsapp/github-action#210

New Contributors

@brianatgather made their first contribution in coverallsapp/github-action#228 / coverallsapp/github-action#199

@jdebbink made their first contribution in coverallsapp/github-action#227 / coverallsapp/github-action#198

@Jeff-Tian made their first contribution in coverallsapp/github-action#210

Full Changelog: coverallsapp/github-action@v2.3.1...v2.3.2

v2.3.1

What's Changed

Extend behavior of fail-on-error option to setup failures by @afinetooth in coverallsapp/github-action#226

Technically an enhancement, these changes make the action behave as many customers already expect by ignoring any and all failures when the fail-on-error input is set to false.

Adds logic to handle any failures in "setup" tasks, including downloading the coverage-reporter binary, verifying the binary, and finding the binary by its expected name after extraction.

The new logic checks these actions and exits with code 1 on failure, except if fail-on-error is set to true, in which case it returns exit code 0.

Adds a matrix workflow that tests the action for each os and the two key binary commands (coveralls report and coevralls done). Each of these scenarios implicitly tests our setup tasks since they run first in each scenario.

Also extends the behavior of debug: true to flip the shell-specific debug flag for each os including set -x for linux and macos and Set-PSDebug -Trace 1 for windows.

Full Changelog: coverallsapp/github-action@v2.3.0...v2.3.1

Commits

cfd0633 Add coverage-reporter-platform input option (#233)
0db2c3c Update README.md
29d7fa2 Add two more helpful steps to update-major-version-tag workflow (#231)
4cdef0b Always point the major version tag to the latest release (#230)
43f11c4 Verify that coverage-reporter-version option is recognized (#229)
c258231 Add build number to supported inputs options (#228)
0ae2400 Change command to to be compatible with alpine distros. (#227)
f795697 Update README.md
38d584d Update README.md
9a6b4a8 docs: fix the action version (#210)
Additional commits viewable in compare view

Updates pypa/gh-action-pypi-publish from 1.10.2 to 1.11.0

Release notes

Sourced from pypa/gh-action-pypi-publish's releases.

v1.11.0

🔏 Helping you become a trusted supply chain link 🔗

Two months ago, in v1.10.0, @woodruffw💰 integrated support for generating and uploading PEP 740 digital attestations that can be used as provenance objects when analyzing dependency chains for the integrity.

To make sure it works well, it was implemented as an opt-in, so a relatively small subset of projects was able to try it out, and a few issues have been determined and fixed during this time.

That changes today! This version changes the feature toggle to “on by default”. This means that from now on, every project making use of Trusted Publishing will start producing and publishing digital attestations without having to do any modifications to how they use this action.

@woodruffw💰 flipped the respective toggle in #277 with the possibility to opt-out.

🛠️ Internal Dependencies

@woodruffw💰 bumped sigstore to v3.5.1 and pypi-attestations to v0.0.13 in lock files via #276.

🪞 Full Diff: pypa/gh-action-pypi-publish@v1.10.3...v1.11.0

🧔‍♂️ Release Manager: @webknjaz 🇺🇦

🙏 Special Thanks to William for working on improving the supply chain provenance in the ecosystem! The overall effort is tracked @ pypi/warehouse#15871.

v1.10.3

💅 Cosmetic Output Improvements

In #270, @facutuesca💰 made a follow-up to their previous PR #250, making the hints show up more granularly. This effectively makes sure that the suggestion to enable Trusted Publishing does not get displayed when it's already in use. It also makes the message nicer in a few places on the UI.

🛠️ Internal Dependencies

@mosfet80💰 updated a few internal linter versions in #266, #267, and #271, no user impact. This is usually automated otherwise.

💪 New Contributors

@mosfet80 made their first contribution in pypa/gh-action-pypi-publish#266

🪞 Full Diff: pypa/gh-action-pypi-publish@v1.10.2...v1.10.3

🧔‍♂️ Release Manager: @webknjaz 🇺🇦

Commits

fb13cb3 📝 Reflect the PR #277 changes in README
72ead1a Merge PRs #276 and #277 into release/v1
0126dca action: enable attestations by default
335e8b0 bump sigstore==3.5.1
1545e96 requirements: bump sigstore, pypi-attestations
f760068 Merge pull request #271 from mosfet80/patch-3
6edc294 Fix node.js v16 deprecation self-smoke-test-action.yml
85a5a80 Merge pull request #270 from trail-of-forks/fix-magic-link-summary
954318b Merge pull request #267 from mosfet80/patch-2
24791c7 Merge pull request #266 from mosfet80/patch-1
Additional commits viewable in compare view

Updates actions/upload-artifact from 4.4.0 to 4.4.3

Release notes

Sourced from actions/upload-artifact's releases.

v4.4.3

What's Changed

Undo indirect dependency updates from #627 by @joshmgross in actions/upload-artifact#632

Full Changelog: actions/upload-artifact@v4.4.2...v4.4.3

v4.4.2

What's Changed

Bump @actions/artifact to 2.1.11 by @robherley in actions/upload-artifact#627

Includes fix for relative symlinks not resolving properly

Full Changelog: actions/upload-artifact@v4.4.1...v4.4.2

v4.4.1

What's Changed

Add a section about hidden files by @joshmgross in actions/upload-artifact#607

Add workflow file for publishing releases to immutable action package by @Jcambass in actions/upload-artifact#621

Update @actions/artifact to latest version, includes symlink and timeout fixes by @robherley in actions/upload-artifact#625

New Contributors

@Jcambass made their first contribution in actions/upload-artifact#621

Full Changelog: actions/upload-artifact@v4.4.0...v4.4.1

Commits

b4b15b8 Merge pull request #632 from actions/joshmgross/undo-dependency-changes
92b01eb Undo indirect dependency updates from #627
8448086 Merge pull request #627 from actions/robherley/v4.4.2
b1d4642 add explicit relative and absolute symlinks to workflow
d50e660 bump version
aabe6f8 build with @actions/artifact v2.1.11
604373d Merge pull request #625 from actions/robherley/artifact-2.1.10
0150148 paste right core version
a009b25 update licenses
9f6f6f4 update @actions/core and @actions/artifact to latest versions
Additional commits viewable in compare view

Updates github/codeql-action from 3.26.10 to 3.27.0

Release notes

Sourced from github/codeql-action's releases.

v3.27.0

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.0 - 22 Oct 2024

Bump the minimum CodeQL bundle version to 2.14.6. #2549

Fix an issue where the upload-sarif Action would fail with "upload-sarif post-action step failed: Input required and not supplied: token" when called in a composite Action that had a different set of inputs to the ones expected by the upload-sarif Action. #2557

Update default CodeQL bundle version to 2.19.2. #2552

See the full CHANGELOG.md for more information.

v3.26.13

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.26.13 - 14 Oct 2024

No user facing changes.

See the full CHANGELOG.md for more information.

v3.26.12

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.26.12 - 07 Oct 2024

Upcoming breaking change: Add a deprecation warning for customers using CodeQL version 2.14.5 and earlier. These versions of CodeQL were discontinued on 24 September 2024 alongside GitHub Enterprise Server 3.10, and will be unsupported by CodeQL Action versions 3.27.0 and later and versions 2.27.0 and later. #2520

If you are using one of these versions, please update to CodeQL CLI version 2.14.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.

Alternatively, if you want to continue using a version of the CodeQL CLI between 2.13.5 and 2.14.5, you can replace github/codeql-action/*@v3 by github/codeql-action/*@v3.26.11 and github/codeql-action/*@v2 by github/codeql-action/*@v2.26.11 in your code scanning workflow to ensure you continue using this version of the CodeQL Action.

See the full CHANGELOG.md for more information.

v3.26.11

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

... (truncated)

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

[UNRELEASED]

No user facing changes.

3.27.0 - 22 Oct 2024

Bump the minimum CodeQL bundle version to 2.14.6. #2549

Fix an issue where the upload-sarif Action would fail with "upload-sarif post-action step failed: Input required and not supplied: token" when called in a composite Action that had a different set of inputs to the ones expected by the upload-sarif Action. #2557

Update default CodeQL bundle version to 2.19.2. #2552

3.26.13 - 14 Oct 2024

No user facing changes.

3.26.12 - 07 Oct 2024

Upcoming breaking change: Add a deprecation warning for customers using CodeQL version 2.14.5 and earlier. These versions of CodeQL were discontinued on 24 September 2024 alongside GitHub Enterprise Server 3.10, and will be unsupported by CodeQL Action versions 3.27.0 and later and versions 2.27.0 and later. #2520

If you are using one of these versions, please update to CodeQL CLI version 2.14.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.

Alternatively, if you want to continue using a version of the CodeQL CLI between 2.13.5 and 2.14.5, you can replace github/codeql-action/*@v3 by github/codeql-action/*@v3.26.11 and github/codeql-action/*@v2 by github/codeql-action/*@v2.26.11 in your code scanning workflow to ensure you continue using this version of the CodeQL Action.

3.26.11 - 03 Oct 2024

Upcoming breaking change: Add support for using actions/download-artifact@v4 to...
Description has been truncated

Bumps the actions group in /.github/workflows with 10 updates: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4.2.0` | `4.2.2` | | [actions/setup-python](https://github.com/actions/setup-python) | `5.2.0` | `5.3.0` | | [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.3.4` | `4.4.0` | | [actions/cache](https://github.com/actions/cache) | `4.0.2` | `4.1.2` | | [mamba-org/setup-micromamba](https://github.com/mamba-org/setup-micromamba) | `1.9.0` | `2.0.0` | | [coverallsapp/github-action](https://github.com/coverallsapp/github-action) | `2.3.0` | `2.3.4` | | [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) | `1.10.2` | `1.11.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.4.0` | `4.4.3` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.26.10` | `3.27.0` | | [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `2.0.8` | `2.0.9` | Updates `actions/checkout` from 4.2.0 to 4.2.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@d632683...11bd719) Updates `actions/setup-python` from 5.2.0 to 5.3.0 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@f677139...0b93645) Updates `actions/dependency-review-action` from 4.3.4 to 4.4.0 - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](actions/dependency-review-action@5a2ce3f...4081bf9) Updates `actions/cache` from 4.0.2 to 4.1.2 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@0c45773...6849a64) Updates `mamba-org/setup-micromamba` from 1.9.0 to 2.0.0 - [Release notes](https://github.com/mamba-org/setup-micromamba/releases) - [Commits](mamba-org/setup-micromamba@f8b8a1e...617811f) Updates `coverallsapp/github-action` from 2.3.0 to 2.3.4 - [Release notes](https://github.com/coverallsapp/github-action/releases) - [Commits](coverallsapp/github-action@643bc37...cfd0633) Updates `pypa/gh-action-pypi-publish` from 1.10.2 to 1.11.0 - [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases) - [Commits](pypa/gh-action-pypi-publish@897895f...fb13cb3) Updates `actions/upload-artifact` from 4.4.0 to 4.4.3 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@5076954...b4b15b8) Updates `github/codeql-action` from 3.26.10 to 3.27.0 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@e2b3eaf...6624720) Updates `softprops/action-gh-release` from 2.0.8 to 2.0.9 - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](softprops/action-gh-release@c062e08...e7a8f85) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: mamba-org/setup-micromamba dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: coverallsapp/github-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: pypa/gh-action-pypi-publish dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: softprops/action-gh-release dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] <[email protected]>

Zeitsperre

@dependabot merge

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Nov 1, 2024

github-actions bot added the CI Continuous Integration label Nov 1, 2024

Zeitsperre reviewed Nov 1, 2024

View reviewed changes

Zeitsperre approved these changes Nov 1, 2024

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the actions group in /.github/workflows with 10 updates #272

Bump the actions group in /.github/workflows with 10 updates #272

dependabot bot commented on behalf of github Nov 1, 2024

Zeitsperre left a comment

Bump the actions group in /.github/workflows with 10 updates #272

Are you sure you want to change the base?

Bump the actions group in /.github/workflows with 10 updates #272

Conversation

dependabot bot commented on behalf of github Nov 1, 2024

v4.2.2

What's Changed

v4.2.1

What's Changed

New Contributors

Changelog

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v4.1.5

v4.1.4

v4.1.3

v4.1.2

v4.1.1

v4.1.0

v5.3.0

What's Changed

Bug Fixes:

Enhancements:

New Contributors

v4.4.0

What's Changed

v4.3.5

What's Changed

New Contributors

v4.1.2

What's Changed

New Contributors

v4.1.1

What's Changed

v4.1.0

What's Changed

New Contributors

Releases

4.1.2

4.1.1

4.1.0

4.0.2

4.0.1

4.0.0

3.3.3

3.3.2

3.3.1

3.3.0

3.2.6

3.2.5

v2.0.0

What's Changed

Bug fixes

New Contributors

v1.11.0

What's Changed

New features

v1.10.0

What's Changed

New features

Dependency updates

New Contributors

v2.3.4

What's Changed

v2.3.3

What's Changed

v2.3.2

What's Changed

New Contributors

v2.3.1

What's Changed

v1.11.0

🔏 Helping you become a trusted supply chain link 🔗

🛠️ Internal Dependencies

v1.10.3

💅 Cosmetic Output Improvements

🛠️ Internal Dependencies